7 Nov
2005
12:16 p.m.
On Mon, 7 Nov 2005, Christian Kuhtz wrote:
How so? Haven't we recently seen an across the board bug in multiple versions of $vendor code?
And that's evidence of what other than nobody is willing to pay for what it takes to get better code out of $vendor?
Code can be built better. It just isn't always economical to do so.
In some business models. Financial reports regularly hint that $vendor has margins far exceeding the costs necessary to clean up security-critical code. When the aggregate margins drop thanks to folks choosing $vendor2 because $vendor has decided to let security flaws stew, it's time for $vendor to reevaluate that business model -- at least a little.
--
-- Todd Vierling <tv@duh.org> <tv@pobox.com> <todd@vierling.name>